How to remove the virus Security Suite.
Recently my computer got infected with a malicious virus, and at the time the only way out of it was to restore to a later point. Once I did, the virus was gone, but Windows thought it was not registered and I could not register it. I had to contact Windows at this point. I got it all fixed and the virus came back. From my experience, this is how you should go about removing the virus.

Start your computer in safe mode; if you don't know how to do this, just mash F8 or F10 when your computer starts. You may get an odd screen when your computer starts, one that you have never seen before. I believe that this virus made my computer not sure which drive to start Windows from, so boot your computer up, mash F8 or F10 and select drive C:; you should then be able to go into safe mode.

When in safe mode, download and install Spyware Cease, Malware Bytes and RegTweaker. Run Spyware Cease, Malware Bytes and whatever antivirus you already own. Once they are all done, restart into safe mode. Run RegTweaker. RegTweaker will fix broken registry files that this virus is sure to mess with.

This all may not get rid of the virus, so I started up Task Manager when I had the virus started (this virus blocks Task Manager) and found out the process name and location. Go to: User Name > Appdata > Local. The file should be right there under the name "gsmvyiqv." Delete it.

Another way to get rid of this virus is to:

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed HijackThis tool from TrendMicro). Launch iexplore.exe and click the "Do a system scan only" button. If you can't open the iexplore.exe file, then download explorer.scr and run it.

2. Search for similar entries in the scan results:

    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
    O4 – HKLM\..\Run: [mreqslst] C:\Documents and Settings\[User]\Local settings\Application data\rhfrlps\ncfdskshdw.exe
    O4 – HKCU\..\Run: [mreqslst] C:\Documents and Settings\[User]\Local settings\Application data\rhfrlps\ncfdskshdw.exe

The process name will be different in your case: [SET OF RANDOM CHARACTERS]shdw.exe, located in C:\Documents and Settings\[UserName]\Local settings\Application data\

Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

3. Delete the following file if it exists: C:\WINDOWS\Prefetch\[RANDOM]SHDW.EXE-[RANDOM].pf

4. Download at least one anti-malware program from the list below and run a full system scan.

* MalwareBytes Anti-malware
* SUPERAntispyware
* Spybot S&D
* Spyware Doctor

NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.

This was taken from www.deletewalware.blogspot.com

The manual method of getting rid of this is to remove:

Files:

* %UserProfile%\Local Settings\Application Data\[SET OF RANDOM CHARACTERS]\
* %UserProfile%\Local Settings\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS]shdw.exe
* C:\Users\User\AppData\Local\[SET OF RANDOM CHARACTERS] (Windows Vista & Windows 7)
* C:\WINDOWS\Prefetch\[RANDOM]SHDW.EXE-[RANDOM].pf (if exists)

Registry values:

* HKEY_CURRENT_USER\Software\wnxmal
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"

I hope this helps you guys, cause this virus is devastating.
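The scan-log check described in the post above (an R1 ProxyServer value pointing at 127.0.0.1, and O4 Run entries launching a [random]shdw.exe from the per-user application-data folder) can be automated over a saved HijackThis log. This is an added example, not part of the original post or of HijackThis; the function name `triage`, the reason labels and the sample log are constructed for illustration.

```python
import re

# Constructed sample in HijackThis log format. The first three entries mirror
# the ones quoted in the post; the last two are benign lines added for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [mreqslst] C:\Documents and Settings\[User]\Local settings\Application data\rhfrlps\ncfdskshdw.exe
O4 - HKCU\..\Run: [mreqslst] C:\Documents and Settings\[User]\Local settings\Application data\rhfrlps\ncfdskshdw.exe
O4 - HKLM\..\Run: [SampleUpdater] C:\Program Files\Sample\updater.exe /background
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.internal:8080
"""

# "R1 - body"; also accept the en dash that web pages substitute for the hyphen.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+)\s*[-\u2013]\s*(?P<body>.+)$")
# ProxyServer pointing at the local machine, with or without "http=" prefix and port.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?\s*$", re.I)
# O4 autostart value: hive\..\Run: [value name] command line
RUN_VALUE = re.compile(r"^HK\w+\\.*?\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# An .exe one folder below the per-user application-data directory (XP or Vista/7 layout).
PROFILE_EXE = re.compile(
    r"\\(?:Local Settings\\Application Data|AppData\\Local)\\[^\\]+\\[^\\]+\.exe", re.I)
# The file-name suffix the post says stays constant across infections.
SHDW = re.compile(r"shdw\.exe\s*$", re.I)


def triage(log_text):
    """Return (reason, line) pairs for log entries matching the post's patterns."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "R1" and LOOPBACK_PROXY.search(body):
            findings.append(("loopback-proxy", line))
        elif code == "O4":
            run = RUN_VALUE.match(body)
            if run and PROFILE_EXE.search(run.group("cmd")):
                strong = SHDW.search(run.group("cmd"))
                findings.append(("run-key-shdw" if strong else "run-key-profile-exe", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:20} {line}")
```

A loopback proxy or a per-user autostart entry can also be set by legitimate local software, so each finding is a lead to verify against the file on disk before anything is fixed or deleted.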
Restore your computer with original restore disks, if you don't have them, look for them online.
or do this and don't lose your data
Sofa king helpful.
Don't get a virus in the first place? I use the sandbox feature in Comodo if anything is even a little bit sketchy.